Quote from: nawlinsx on August 02, 2012, 07:36 amWe've been sellers here for about a month. Our experience with PGP in the past has been annoying, so we weren't terribly enthusiastic about using it here. We implemented it, however, and fucked something up - then we fixed it (maybe) but two people sent us their message incorrectly. We yanked it and we put on our user page that we would be implementing it soon... A shame your initial experiences weren't good, but we can fix that. Well, we can't chage the past, but we can help you for the future.Quote from: nawlinsx on August 02, 2012, 07:36 amSometime in the last week we decided to change our user page to say that we won't be using PGP in the foreseeable future. Since then we've received a number of messages from buyers saying "Why?" and "I never send my shipping details without PGP..."Good. That means the message is spreading.Quote from: nawlinsx on August 02, 2012, 07:36 amHere's our response. Any and all feedback/advice are welcome!We don't use PGP for several reasons:1. It has proven to be a pain in the ass in the past, both with operator problems on our end and with people sending things incorrectly.That can be fixed with education.Quote from: nawlinsx on August 02, 2012, 07:36 am2. The SR system and/or privnote.com seem fine for the task for us.Privnote is a terrible idea (just search the forum for the other Privnote threads). Using the SR system on its own is better than using Privnote, but it is still open to compromise and OpenPGP messages will protect against this.Quote from: nawlinsx on August 02, 2012, 07:36 am3. The extra protection you think you're getting from "adversaries" because you're using PGP is illusory. If some law enforcement agency decides to sting SR buyers, they will open a seller's account - with full PGP - and harvest victims.As Guru said, that's always a risk. If a vendor is law enforcement then no amount of cryptography will defend you against them harvesting your address.Quote from: nawlinsx on August 02, 2012, 07:36 amFurthermore, once you successfully transmit a message to a legitimate seller using PGP, you have no idea how carefully they handle it (or not) upon receipt.That's also a known risk. If a vendor is unable to enact secure communications procedures, it isn't too likely that they will be able to correctly handle and destroy any data they receive.Quote from: nawlinsx on August 02, 2012, 07:36 amI know of one popular seller on SR who receives addresses via PGP, then emails them with the corresponding order in CLEARTEXT through GMAIL to the people he has doing his fulfillment for him at another location.Have you reported this to SR's staff?Quote from: nawlinsx on August 02, 2012, 07:36 amIf we're missing something fundamental here, please fill us in. We're not trying to be dicks.We take address handling quite seriously. We do not record the addresses anywhere. They are retrieved from SR at the moment we are ready to print the label. Once the label is printed, we confirm and close the label printing software without saving any data.Not bad.Quote from: nawlinsx on August 02, 2012, 07:36 amWhy do some people not like privnote? We think it is quite clever!It isn't. Seriously, go and search the forum for previous Privnote discussion.Quote from: nawlinsx on August 02, 2012, 07:36 amNow - would receiving, opening and collating three privnotes be a bigger pain in the ass for us than receiving a PGP-encrypted address?Yes, especially with the vulnerabilities it leaves you open to.If you're willing to learn, there are people here, who can help you get PGP or GPG running.Which operating system are you using and which version(s) of PGP or GPG have you tried to run? What are the problems you encountered?